> It should perhaps be noted that best practice is to not bother with a subject DN at all (setting it to an empty sequence) when an appropriate SAN is included in the certificate.

And for TLS purposes, this is exactly what the 6125-bis draft says, being discussed in the UTA working group.
https://datatracker.ietf.org/doc/draft-ietf-uta-rfc6125bis/

Comments appreciated.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
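
The certificate shape discussed in this message (empty subject DN, identity carried only in a SAN), as an added Go example that is not part of the original thread: it issues such a certificate and checks that the subject is the empty sequence, that subjectAltName is marked critical (which RFC 5280 section 4.2.1.6 requires when the subject is empty), and that the name matches through the SAN alone. The helper names `sanOnlyCert` and `checkSANOnly` and the host `www.example.test` are assumptions made for the illustration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// sanOnlyCert self-signs a certificate with an empty subject DN and one dNSName SAN.
func sanOnlyCert(host string) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{}, // encodes as an empty SEQUENCE (30 00)
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// checkSANOnly: empty subject, critical subjectAltName (OID 2.5.29.17), SAN match for host.
func checkSANOnly(c *x509.Certificate, host string) error {
	if len(c.RawSubject) > 2 { // anything longer than 30 00 carries RDNs
		return fmt.Errorf("subject DN is not empty: %s", c.Subject)
	}
	for _, e := range c.Extensions {
		if e.Id.String() == "2.5.29.17" && e.Critical {
			return c.VerifyHostname(host) // Go matches against SAN entries only
		}
	}
	return fmt.Errorf("no critical subjectAltName extension")
}

func main() {
	c, err := sanOnlyCert("www.example.test") // constructed sample name
	fmt.Println(c != nil && checkSANOnly(c, "www.example.test") == nil, err)
}
```

Go's `x509.CreateCertificate` sets the critical flag on the SAN extension itself when the template subject is empty, so the check passes without the template requesting it.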